- session_start: documentation (source)
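<?php
/**
 * Saves HTML content submitted by the current session user.
 *
 * With POST field `id`, updates that row of `userContent`, but only when the
 * row's author is the session user. Without `id`, inserts a new row in section 1.
 * The content is passed through HTML Purifier before it is stored.
 */
session_start();

// Authentication gate: the row's author is taken from the session, so nothing
// may be written unless a user id is present there. Without this check an
// anonymous request would reach the INSERT with an undefined author.
// Finer-grained authorization (roles, per-section rights) still belongs here.
$userId = isset($_SESSION['userId']) ? $_SESSION['userId'] : null;

// PHP decodes form fields sent as `name[]=...` into arrays. Accept plain
// strings only, so neither the purifier nor the bound parameters receive
// an array from the request.
$content = isset($_POST['userContent']) ? $_POST['userContent'] : null;
$contentId = isset($_POST['id']) ? $_POST['id'] : null;
$inputIsValid = is_string($content) && ($contentId === null || is_string($contentId));

// NOTE(review): no anti-CSRF token check is visible in this script. Confirm
// one runs before this state-changing write, or add it to the condition below.

if ($userId !== null && $inputIsValid) {
    // see https://gist.github.com/adrian-enspired/2e03b01fcfff54151864
    require 'pdo.php'; // presumably defines $db (a PDO connection); verify
    require_once 'tools/HTMLPurifier.standalone.php';

    // Default HTML Purifier configuration. The stored value is cleaned HTML;
    // other output contexts (attributes, JavaScript, URLs) still need their
    // own escaping when the content is rendered.
    $purifier = new HTMLPurifier(HTMLPurifier_Config::createDefault());
    $data = [
        'author' => $userId,
        'content' => $purifier->purify($content),
    ];

    if ($contentId !== null) {
        $data['contentID'] = $contentId;
        // The `author=:author` clause is the ownership check: a user who
        // submits someone else's id matches no row and changes nothing.
        $stmt = $db->prepare("UPDATE userContent SET content=:content WHERE id=:contentID AND author=:author");
    } else {
        $data['section'] = 1;
        $stmt = $db->prepare("INSERT INTO userContent (section, author, content) VALUES (:section, :author, :content)");
    }

    // All values are bound as parameters; none is concatenated into the SQL.
    $stmt->execute($data);
}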